From 62f67077213facfab5944b1b68e810595dd0d3fb Mon Sep 17 00:00:00 2001 From: Eder Ignatowicz Date: Fri, 20 Dec 2024 08:52:12 -0500 Subject: [PATCH] fix(frontend): fixing cve (low severity), build(deps): bump sass from 1.80.6 to 1.83.0, and also type check (#657) Signed-off-by: Eder Ignatowicz --- clients/ui/frontend/package-lock.json | 24 +++++++++---------- clients/ui/frontend/package.json | 4 ++-- .../frontend/src/shared/utilities/markdown.ts | 3 +-- 3 files changed, 15 insertions(+), 16 deletions(-) diff --git a/clients/ui/frontend/package-lock.json b/clients/ui/frontend/package-lock.json index f85da266..598c42db 100644 --- a/clients/ui/frontend/package-lock.json +++ b/clients/ui/frontend/package-lock.json @@ -24,7 +24,7 @@ "react": "^18", "react-dom": "^18", "react-router": "^7.0.2", - "sass": "^1.78.0", + "sass": "^1.83.0", "showdown": "^2.1.0" }, "devDependencies": { @@ -78,7 +78,7 @@ "react-refresh": "^0.14.2", "react-router-dom": "^7.0.2", "regenerator-runtime": "^0.14.1", - "sass": "^1.56.2", + "sass": "^1.83.0", "sass-loader": "^13.2.0", "serve": "^14.2.4", "speed-measure-webpack-plugin": "^1.5.0", @@ -11528,9 +11528,9 @@ } }, "node_modules/immutable": { - "version": "4.3.7", - "resolved": "https://registry.npmjs.org/immutable/-/immutable-4.3.7.tgz", - "integrity": "sha512-1hqclzwYwjRDFLjcFxOM5AYkkG0rpFPpr1RLPMEuGczoS7YA8gLhy8SWXYRAA/XwfEHpfo3cw5JGioS32fnMRw==", + "version": "5.0.3", + "resolved": "https://registry.npmjs.org/immutable/-/immutable-5.0.3.tgz", + "integrity": "sha512-P8IdPQHq3lA1xVeBRi5VPqUm5HDgKnx0Ru51wZz5mjxHr5n3RWhjIpOFU7ybkUxfB+5IToy+OLaHYDBIWsv+uw==", "dev": true, "license": "MIT" }, @@ -14865,9 +14865,9 @@ } }, "node_modules/nanoid": { - "version": "3.3.7", - "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.7.tgz", - "integrity": "sha512-eSRppjcPIatRIMC1U6UngP8XFcz8MQWGQdt1MTBQ7NaAmvXDfvNxbvWV3x2y6CdEUciCSsDHDQZbhYaB8QEo2g==", + "version": "3.3.8", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.8.tgz", + "integrity": "sha512-WNLf5Sd8oZxOm+TzppcYk8gVOgP+l58xNy58D0nbUnOxOWRWvlcCV4kUF7ltmI6PsrLl/BgKEyS4mqsGChFN0w==", "dev": true, "funding": [ { @@ -17830,14 +17830,14 @@ "license": "MIT" }, "node_modules/sass": { - "version": "1.80.6", - "resolved": "https://registry.npmjs.org/sass/-/sass-1.80.6.tgz", - "integrity": "sha512-ccZgdHNiBF1NHBsWvacvT5rju3y1d/Eu+8Ex6c21nHp2lZGLBEtuwc415QfiI1PJa1TpCo3iXwwSRjRpn2Ckjg==", + "version": "1.83.0", + "resolved": "https://registry.npmjs.org/sass/-/sass-1.83.0.tgz", + "integrity": "sha512-qsSxlayzoOjdvXMVLkzF84DJFc2HZEL/rFyGIKbbilYtAvlCxyuzUeff9LawTn4btVnLKg75Z8MMr1lxU1lfGw==", "dev": true, "license": "MIT", "dependencies": { "chokidar": "^4.0.0", - "immutable": "^4.0.0", + "immutable": "^5.0.2", "source-map-js": ">=0.6.2 <2.0.0" }, "bin": { diff --git a/clients/ui/frontend/package.json b/clients/ui/frontend/package.json index e131fd12..ca32705b 100644 --- a/clients/ui/frontend/package.json +++ b/clients/ui/frontend/package.json @@ -81,7 +81,7 @@ "react-refresh": "^0.14.2", "react-router-dom": "^7.0.2", "regenerator-runtime": "^0.14.1", - "sass": "^1.56.2", + "sass": "^1.83.0", "sass-loader": "^13.2.0", "serve": "^14.2.4", "speed-measure-webpack-plugin": "^1.5.0", @@ -115,7 +115,7 @@ "react": "^18", "react-dom": "^18", "react-router": "^7.0.2", - "sass": "^1.78.0", + "sass": "^1.83.0", "dompurify": "^3.2.3", "showdown": "^2.1.0", "classnames": "^2.2.6" diff --git a/clients/ui/frontend/src/shared/utilities/markdown.ts b/clients/ui/frontend/src/shared/utilities/markdown.ts index 9b0b2ec3..0bbfa6d9 100644 --- a/clients/ui/frontend/src/shared/utilities/markdown.ts +++ b/clients/ui/frontend/src/shared/utilities/markdown.ts @@ -13,8 +13,7 @@ export const markdownConverter = { // add hook to transform anchor tags DOMPurify.addHook('beforeSanitizeElements', (node) => { - // nodeType 1 = element type - if (node.nodeType === 1 && node.nodeName.toLowerCase() === 'a') { + if (node instanceof HTMLAnchorElement) { node.setAttribute('rel', 'noopener noreferrer'); } });